?? biosinformation.cpp
字號:
// BiosInformation.cpp: implementation of the CBiosInformation class.
//
//////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "BiosInformation.h"
typedef struct _UNICODE_STRING {
USHORT Length;//長度
USHORT MaximumLength;//最大長度
PWSTR Buffer;//緩存指針,訪問物理內存時,此處指向UNICODE字符串"\device\physicalmemory"
} UNICODE_STRING,*PUNICODE_STRING;
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;//長度 18h
HANDLE RootDirectory;//00000000
PUNICODE_STRING ObjectName;//指向對象名的指針
ULONG Attributes;//對象屬性00000040h
PVOID SecurityDescriptor; //Points to type SECURITY_DESCRIPTOR,0
PVOID SecurityQualityOfService; //Points to type SECURITY_QUALITY_OF_SERVICE,0
} OBJECT_ATTRIBUTES,*POBJECT_ATTRIBUTES;
typedef DWORD (__stdcall *ZWOS)(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
typedef DWORD (__stdcall *ZWMV)(HANDLE,HANDLE,PVOID,ULONG,ULONG,PLARGE_INTEGER,PSIZE_T,DWORD,ULONG,ULONG);
//////////////////////////////////////////////////////////////////////
// Construction/Destruction
//////////////////////////////////////////////////////////////////////
CBiosInformation::CBiosInformation()
{
m_lpBiosInfo=NULL;
}
CBiosInformation::~CBiosInformation()
{
}
BOOL CBiosInformation::Init()
{
if(NULL!=m_lpBiosInfo)
return TRUE;
//讀入ntdll.dll,得到函數地址
HMODULE hinstLib;
ZWOS ZWopenS;
ZWMV ZWmapV;
hinstLib=LoadLibrary("ntdll.dll");
if(NULL==hinstLib)
return FALSE;
ZWopenS=(ZWOS)GetProcAddress(hinstLib,"ZwOpenSection");
ZWmapV=(ZWMV)GetProcAddress(hinstLib,"ZwMapViewOfSection");
if(NULL==ZWopenS || NULL==ZWmapV)
return FALSE;
//調用函數,對物理內存進行映射
wchar_t strPH[]=L"\\device\\physicalmemory";//*
UNICODE_STRING struniph;
struniph.Buffer=strPH;
struniph.Length=0x2c;//*注意大小是按字節算,雙字節一個字符
struniph.MaximumLength =0x2e;//也是字節
OBJECT_ATTRIBUTES obj_ar;
obj_ar.Attributes=64;//屬性40h
obj_ar.Length=24;//OBJECT_ATTRIBUTES類型的長度18h
obj_ar.ObjectName=&struniph;//指向對象的指針
obj_ar.RootDirectory=0;
obj_ar.SecurityDescriptor=0;
obj_ar.SecurityQualityOfService=0;
HANDLE hSection;
if(0!=ZWopenS(&hSection,4,&obj_ar))
return FALSE;
DWORD ba;
LARGE_INTEGER so;
SIZE_T ssize;
ba=0;//聯系后的基址將在這里返回
so.LowPart=0x000f0000;//物理內存的基址,就是f000:0000
so.HighPart=0x00000000;
ssize=0xffff;
if(0!=ZWmapV((HANDLE)hSection,(HANDLE)0xffffffff,&ba,0,0xffff,&so,&ssize,1,0,2))
return FALSE;
m_lpBiosInfo=(LPSTR)ba;
return TRUE;
}
BOOL CBiosInformation::GetBiosDate(LPSTR szDate)
{
if(0==isalnum(*(m_lpBiosInfo+0xfff5)))
return FALSE;
strcpy(szDate,m_lpBiosInfo+0xfff5);
return TRUE;
}
BOOL CBiosInformation::GetAwardBiosID(LPSTR szBiosID)
{
// if(strstr(m_lpBiosInfo+0xe061,"Award")==NULL)
// return FALSE;
if(0==isalnum(*(m_lpBiosInfo+0xe061)) || 0==isalnum(*(m_lpBiosInfo+0xec71)))
return FALSE;
strcpy(szBiosID,m_lpBiosInfo+0xec71);
return TRUE;
}
BOOL CBiosInformation::GetAMIBiosID(LPSTR szBiosID)
{
// if(strnicmp(m_lpBiosInfo+0xf400,"AMIBIOS",7)!=0)
// return FALSE;
if(0==isalnum(*(m_lpBiosInfo+0xf400)) || 0==isalnum(*(m_lpBiosInfo+0xf478)))
return FALSE;
strcpy(szBiosID,m_lpBiosInfo+0xf478);
return TRUE;
}
BOOL CBiosInformation::GetBiosID(LPSTR szBiosID)
{
if(!Init())
{
*szBiosID='\0';
return FALSE;
}
if(!GetAwardBiosID(szBiosID))
{
if(!GetAMIBiosID(szBiosID))
{
if(!GetBiosDate(szBiosID))
{
*szBiosID='\0';
return FALSE;
}
}
}
return TRUE;
}
?? 快捷鍵說明
復制代碼
Ctrl + C
搜索代碼
Ctrl + F
全屏模式
F11
切換主題
Ctrl + Shift + D
顯示快捷鍵
?
增大字號
Ctrl + =
減小字號
Ctrl + -